After this discussion Code.eval_something I was looking for some info and found this thesis. IMO it contains valuable ideas and is readable for someone who did not study informatics: https://www.cas.mcmaster.ca/~carette/publications/FedorenkoThesis.pdf . Some quotes:
Most input preprocessing techniques for online applications were developed at the beginning of this century, and in spite of their rapid advancement, there are still some issues that validation frameworks have in common. In our opinion, one of the root problems is their focus on initial experience of use of constructs rather than security and code maintenance characteristics.

While adding a validation rule right to a view and then binding it to a model or business layer is not difficult to implement, in the long term perspective, this approach does not scale well. In such a case, changes in requirements demand modification on several layers, and since request validation is usually splashed all over the codebase, in order to grasp how a certain parameter is validated one would need to construct the whole picture from different places. This introduces notable accidental complexity and is not acceptable from the code support point of view.

All of the existing solutions that were studied include some set of validation utility classes that can be utilized for data preprocessing. However, most of them provide only basic validation/normalization rules and generally do not include a toolkit that is sufficient enough for rapid application development. Due to lack of uniformity, developers often need to write boilerplate code and validators which might not take into account all traits or have security holes.

Most validation frameworks focus only on processing of web form input and do not support the same interface for a URL path, regular GET/POST parameters, cookies, and headers which can be also part of the input.

Finally, we were not able to find a solution that, besides its main validation capabilities, facilitates best practices in usability of data input. As they are quite crucial for providing a good user experience, ignoring them can result in a direct revenue loss.
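To make the quoted points about scattered rules and the missing common interface for URL path, GET/POST parameters, cookies and headers concrete, here is an added example; it is not code from the thesis or from this post. The route, parameter names and rules are hypothetical: every rule lives in one table, and input that has no rule is dropped instead of being passed on.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# One table holds every rule: (source, name) -> (normalizer, check, required).
# All names and rules here are hypothetical, made up for this example.
RULES = {
    ("path", "user_id"): (str.strip, lambda v: re.fullmatch(r"[0-9]{1,10}", v), True),
    ("query", "page"): (str.strip,
                        lambda v: re.fullmatch(r"[0-9]{1,3}", v) and 1 <= int(v) <= 500,
                        False),
    ("cookie", "session"): (str.strip, lambda v: re.fullmatch(r"[0-9a-f]{32}", v), True),
    ("header", "accept-language"): (str.lower,
                                    lambda v: re.fullmatch(r"[a-z]{2}(-[a-z]{2})?", v),
                                    False),
}
PATH_PATTERN = re.compile(r"/users/(?P<user_id>[^/]+)")  # hypothetical route


def collect(url, headers):
    """Flatten path, query string, cookies and headers into one mapping."""
    parts = urlsplit(url)
    raw = {}
    match = PATH_PATTERN.fullmatch(parts.path)
    if match:
        raw.update({("path", k): v for k, v in match.groupdict().items()})
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        raw[("query", name)] = values[-1]
    lowered = {k.lower(): v for k, v in headers.items()}
    cookies = SimpleCookie(lowered.pop("cookie", ""))
    raw.update({("cookie", k): morsel.value for k, morsel in cookies.items()})
    raw.update({("header", k): v for k, v in lowered.items()})
    return raw


def validate(url, headers):
    """Return (clean, errors); inputs without a rule never reach `clean`."""
    raw, clean, errors = collect(url, headers), {}, {}
    for key, (normalize, check, required) in RULES.items():
        if key not in raw:
            if required:
                errors[key] = "missing"
            continue
        value = normalize(raw[key])
        if check(value):
            clean[key] = value
        else:
            errors[key] = "invalid"
    return clean, errors
```

Reading `RULES` answers "how is this parameter validated?" for all four input sources at once, which is the maintenance property the quote says is lost when rules are attached to individual views.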